This rule ensures that RDS DB instances have deletion protection enabled to prevent accidental data loss.
Rule | RDS DB instances should have deletion protection enabled |
Framework | FedRAMP Low Revision 4 |
Severity | ✔ Critical |
Rule Description
RDS (Relational Database Service) DB instances should have deletion protection enabled in order to comply with the security standards of FedRAMP Low Revision 4. Deletion protection ensures that accidental or unauthorized deletion of DB instances is prevented, avoiding data loss or service disruption.
Troubleshooting Steps (if applicable)
If deletion protection is not enabled for RDS DB instances, you may encounter the following issues:
Necessary Codes (if applicable)
To enable deletion protection for RDS DB instances, you can use the AWS Command Line Interface (CLI) or AWS SDK. The following code snippet demonstrates how to enable deletion protection using the AWS CLI:
aws rds modify-db-instance --db-instance-identifier <db-instance-id> --deletion-protection
Replace <db-instance-id> with the identifier of the RDS DB instance for which you want to enable deletion protection.
Step-by-Step Guide for Remediation
To enable deletion protection for an RDS DB instance and comply with FedRAMP Low Revision 4, follow these steps:
1. Identify the RDS DB instance: Determine the identifier of the RDS DB instance that needs deletion protection enabled.
2. Access AWS Management Console: Log in to the AWS Management Console using appropriate credentials.
3. Navigate to RDS service: Go to the RDS service dashboard by selecting it from the list of available services.
4. Select the RDS DB instance: Locate the desired DB instance in the RDS dashboard and select it.
5. Enable deletion protection: In the instance details page, scroll down to the 'Settings' section and click on the 'Modify' button.
6. Enable deletion protection option: In the modification settings, find the 'Deletion protection' option and check the box to enable it.
7. Save the changes: Scroll down to the bottom of the modification settings and click on the 'Apply immediately' button to save the changes.
8. Confirm modification completion: Wait for the modification to complete. The status of the DB instance should change to 'Modifying' during this process.
9. Verify deletion protection: After the modification is completed, go to the RDS dashboard and confirm that the deletion protection status is now enabled for the DB instance.
By following these steps, you have successfully enabled deletion protection for the RDS DB instance, ensuring compliance with the FedRAMP Low Revision 4 requirements.
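The same identify, enable and verify cycle can be run from the CLI across every DB instance in a region. The script below is an added example, not part of the original rule text; the function names and the `--fix` argument are assumptions of this example, and it relies on the AWS CLI printing booleans as True/False in text output.

```shell
#!/bin/sh
# Added example: find RDS DB instances without deletion protection in one
# region and, with --fix, enable it using the command shown earlier.

# Reads "identifier<TAB>True|False" lines on stdin and prints the
# identifiers whose DeletionProtection flag is false.
unprotected_instances() {
  awk -F '\t' 'tolower($2) == "false" { print $1 }'
}

# Lists each DB instance in region $1 with its DeletionProtection flag.
list_instances() {
  aws rds describe-db-instances --region "$1" \
    --query 'DBInstances[].[DBInstanceIdentifier,DeletionProtection]' \
    --output text
}

# Enables deletion protection on instance $2 in region $1.
enable_protection() {
  aws rds modify-db-instance --region "$1" \
    --db-instance-identifier "$2" --deletion-protection
}

# audit REGION [--fix]
# Prints "UNPROTECTED <id>" for each finding. With --fix it remediates the
# instance and prints "ENABLED <id>", or "FAILED <id>" on stderr.
audit() {
  region="$1"
  fix="${2:-}"
  list_instances "$region" | unprotected_instances | while IFS= read -r id; do
    echo "UNPROTECTED $id"
    if [ "$fix" = "--fix" ]; then
      # </dev/null keeps the CLI from consuming the loop's input.
      if enable_protection "$region" "$id" </dev/null >/dev/null; then
        echo "ENABLED $id"
      else
        echo "FAILED $id" >&2
      fi
    fi
  done
}

# Runs only when a region is supplied, e.g.: ./audit.sh us-east-1 --fix
if [ "$#" -gt 0 ]; then
  audit "$@"
fi
```

Running the script again without `--fix` after remediation should print nothing, which serves as the verification step.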